Group Systems Security Manager

At AQA, we’re committed to advancing education and we’re committed to our people. As the largest provider of academic qualifications in the UK , we mark over 10 million exam papers each year and it’s our people who make this happen.

Group Systems Security Manager

23-month fixed-term contract

Manchester: £74,818 - £84,453

Milton Keynes: £77,903 - £87,936

Hybrid (2 days per week in the office)

This key role will help shape group wide security at a pivotal time of growth, as AQA expands into digital exams and international markets. You’ll play a key role in strengthening how we protect our systems and information while supporting innovation across a complex, modern technology estate. As threats continue to evolve, you’ll apply sound judgement and a balanced, thoughtful approach to ensure security enables progress rather than slows it down.

This is a chance to influence meaningful change, work with a wide range of teams and make a visible impact on an organisation with a clear educational purpose.

You will operate within AQA’s Enterprise Technology Security & Risk team to provide security consultancy, oversight and assurance across the Group. You will maintain and evolve the Information Security Management System (ISMS) and ensure solutions and services proportionately balance security needs with desired business outcomes, supporting AQA’s mission to benefit learners of all abilities.

• Provide security consultancy and oversight across Enterprise Technology and the wider Group, ensuring solutions meet business and security requirements and align with ISO 27001.
• Own and evolve ISMS policies, standards and audits; lead incident response and supplier assurance; surface risks and drive mitigation and prevention.
• Partner with business areas to embed secure ways of working; plan and deliver periodic security testing and technology security roadmaps across systems and services.

• A strong track record in providing information security, cyber security and data protection advice and guidance.
• A solid background in managing information security, cyber and data protection risks.
• Confident handling of security incidents, including events, weaknesses and breaches.
• A proven ability to deliver supplier and third party security assurance.
• Skilled in acting as a security SME within programmes or projects, with good working knowledge of ISO 27001.

• 25 days’ annual leave, rising to 30 with service, plus bank holidays and extra closure days at Christmas.
• A 35‑hour working week with flexible working arrangements.
• An excellent contributory pension scheme (6%–11.5% depending on your contribution).
• Life assurance, BUPA PMI, and health cash plan.
• Enhanced maternity and paternity schemes.

At AQA, we are committed to fostering a workplace that celebrates diversity and promotes equity and inclusion. We believe that a diverse team brings richer perspectives and drives better outcomes. Our ED&I strategy ensures that everyone—regardless of religion, ethnicity, gender identity or expression, age, disability, sexual orientation, or background—is valued, respected, and empowered to thrive. We actively promote inclusive language, avoid stereotypes, and strive for representation across all dimensions of diversity.

We welcome applications from individuals of all backgrounds and lived experiences.

To apply, submit your CV by following the link provided.

Sunday 1st March

First stage interviews will take place via MS Teams w/c 2nd March and second stage will take place in person w/c 9th March.

We have a preferred supplier list (PSL) in place. Unsolicited CVs will be treated as a gift. We will not be subject to or liable under your terms and conditions for agency fees.

As a System Security Manager you will operate within the (Enterprise Technology) Security & Risk team working closely with the Head of Architecture & Security and the Enterprise Security Manager. You will lead on the delivery of a range of security…